<!DOCTYPE html>
<html lang="en-US">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <title>CBC | 狼组安全团队公开知识库</title>
    <meta name="description" content="">
    <meta name="generator" content="VuePress 1.7.1">
    <link rel="icon" href="/assets/logo.svg">
    <script type="text/javascript" src="/assets/js/push.js"></script>
    <meta name="description" content="致力于打造信息安全乌托邦">
    <meta name="referrer" content="never">
    <meta name="keywords" content="知识库,公开知识库,狼组,狼组安全团队知识库,knowledge">
    <link rel="stylesheet" href="/assets/css/0.styles.32ca519c.css">
  </head>
  <body>
    <div id="app" data-server-rendered="true"><div class="theme-container"><header class="navbar"><div class="ant-row"><div class="nav-button"><i aria-label="icon: bars" class="anticon anticon-bars"><svg viewBox="0 0 1024 1024" focusable="false" data-icon="bars" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M912 192H328c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h584c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zm0 284H328c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h584c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zm0 284H328c-4.4 0-8 3.6-8 8v56c0 4.4 3.6 8 8 8h584c4.4 0 8-3.6 8-8v-56c0-4.4-3.6-8-8-8zM104 228a56 56 0 1 0 112 0 56 56 0 1 0-112 0zm0 284a56 56 0 1 0 112 0 56 56 0 1 0-112 0zm0 284a56 56 0 1 0 112 0 56 56 0 1 0-112 0z"></path></svg></i> <span></span></div> <div class="ant-col ant-col-xs-24 ant-col-sm-24 ant-col-md-6 ant-col-lg-5 ant-col-xl-5 ant-col-xxl-4"><a href="/" class="router-link-active home-link"><img src="/assets/logo.svg" alt="狼组安全团队公开知识库" class="logo"> <span class="site-name">狼组安全团队公开知识库</span></a> <div class="search-box mobile-search"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div></div> <div class="ant-col ant-col-xs-0 ant-col-sm-0 ant-col-md-18 ant-col-lg-19 ant-col-xl-19 ant-col-xxl-20"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><ul role="menu" id="nav" class="ant-menu ant-menu-horizontal ant-menu-root ant-menu-light"><li role="menuitem" class="ant-menu-submenu ant-menu-submenu-horizontal ant-menu-overflowed-submenu" style="display:none;"><div aria-haspopup="true" class="ant-menu-submenu-title"><span>···</span><i class="ant-menu-submenu-arrow"></i></div></li><li role="menuitem" class="ant-menu-item"><a href="/" class="router-link-active">
          首页
        </a></li><li role="menuitem" class="ant-menu-submenu ant-menu-submenu-horizontal ant-menu-overflowed-submenu" style="display:none;"><div aria-haspopup="true" class="ant-menu-submenu-title"><span>···</span><i class="ant-menu-submenu-arrow"></i></div></li><li role="menuitem" class="ant-menu-item"><a href="/guide/">
          使用指南
        </a></li><li role="menuitem" class="ant-menu-submenu ant-menu-submenu-horizontal ant-menu-overflowed-submenu" style="display:none;"><div aria-haspopup="true" class="ant-menu-submenu-title"><span>···</span><i class="ant-menu-submenu-arrow"></i></div></li><li role="menuitem" class="ant-menu-item"><a href="/knowledge/" class="router-link-active">
          知识库
        </a></li><li role="menuitem" class="ant-menu-submenu ant-menu-submenu-horizontal ant-menu-overflowed-submenu" style="display:none;"><div aria-haspopup="true" class="ant-menu-submenu-title"><span>···</span><i class="ant-menu-submenu-arrow"></i></div></li><li role="menuitem" class="ant-menu-item"><a href="/opensource/">
          开源项目
        </a></li><li role="menuitem" class="ant-menu-submenu ant-menu-submenu-horizontal ant-menu-overflowed-submenu" style="visibility:hidden;position:absolute;"><div aria-haspopup="true" class="ant-menu-submenu-title"><span>···</span><i class="ant-menu-submenu-arrow"></i></div></li></ul> <a href="https://github.com/wgpsec" target="_blank" rel="noopener noreferrer" class="repo-link"><i aria-label="icon: github" class="anticon anticon-github"><svg viewBox="64 64 896 896" focusable="false" data-icon="github" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M511.6 76.3C264.3 76.2 64 276.4 64 523.5 64 718.9 189.3 885 363.8 946c23.5 5.9 19.9-10.8 19.9-22.2v-77.5c-135.7 15.9-141.2-73.9-150.3-88.9C215 726 171.5 718 184.5 703c30.9-15.9 62.4 4 98.9 57.9 26.4 39.1 77.9 32.5 104 26 5.7-23.5 17.9-44.5 34.7-60.8-140.6-25.2-199.2-111-199.2-213 0-49.5 16.3-95 48.3-131.7-20.4-60.5 1.9-112.3 4.9-120 58.1-5.2 118.5 41.6 123.2 45.3 33-8.9 70.7-13.6 112.9-13.6 42.4 0 80.2 4.9 113.5 13.9 11.3-8.6 67.3-48.8 121.3-43.9 2.9 7.7 24.7 58.3 5.5 118 32.4 36.8 48.9 82.7 48.9 132.3 0 102.2-59 188.1-200 212.9a127.5 127.5 0 0 1 38.1 91v112.5c.8 9 0 17.9 15 17.9 177.1-59.7 304.6-227 304.6-424.1 0-247.2-200.4-447.3-447.5-447.3z"></path></svg></i></a></nav></div></div> <!----></header> <aside class="sidebar"><div><div class="promo"><div id="promo_3"><div class="promo_title">赞助商</div> <button type="button" class="ant-btn ant-btn-primary ant-btn-background-ghost"><span>成为赞助商</span></button></div></div> <div role="separator" id="reset-margin" class="ant-divider ant-divider-horizontal ant-divider-dashed"></div></div> <ul class="sidebar-links"><li><a href="/knowledge/" aria-current="page" title="知识库广告位招租" class="sidebar-link">知识库广告位招租</a></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading open"><span>CTF</span> <span class="arrow down"><i aria-label="icon: down" class="anticon anticon-down"><svg viewBox="64 64 896 896" focusable="false" 
data-icon="down" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M884 256h-75c-5.1 0-9.9 2.5-12.9 6.6L512 654.2 227.9 262.6c-3-4.1-7.8-6.6-12.9-6.6h-75c-6.5 0-10.3 7.4-6.5 12.7l352.6 486.1c12.8 17.6 39 17.6 51.7 0l352.6-486.1c3.9-5.3.1-12.7-6.4-12.7z"></path></svg></i></span></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/knowledge/ctf/" aria-current="page" title="分类简介" class="sidebar-link">分类简介</a></li><li><a href="/knowledge/ctf/ctf.html" title="什么是CTF？" class="sidebar-link">什么是CTF？</a></li><li><a href="/knowledge/ctf/xxe.html" title="XXE" class="sidebar-link">XXE</a></li><li><a href="/knowledge/ctf/ssrf-gopher.html" title="ssrf gopher协议" class="sidebar-link">ssrf gopher协议</a></li><li><a href="/knowledge/ctf/exec.html" title="命令执行" class="sidebar-link">命令执行</a></li><li><a href="/knowledge/ctf/PRF.html" title="伪随机数" class="sidebar-link">伪随机数</a></li><li><a href="/knowledge/ctf/php-serialize.html" title="PHP反序列化" class="sidebar-link">PHP反序列化</a></li><li><a href="/knowledge/ctf/uploadfile.html" title="文件上传" class="sidebar-link">文件上传</a></li><li><a href="/knowledge/ctf/deserialize-byte-escape.html" title="反序列化字节逃逸" class="sidebar-link">反序列化字节逃逸</a></li><li><a href="/knowledge/ctf/bypass-disable-function.html" title="bypass-disable-function" class="sidebar-link">bypass-disable-function</a></li><li><a href="/knowledge/ctf/JWT.html" title="JWT" class="sidebar-link">JWT</a></li><li><a href="/knowledge/ctf/js-prototype-chain-pollution.html" title="nodejs原型链污染" class="sidebar-link">nodejs原型链污染</a></li><li><a href="/knowledge/ctf/SSTI.html" title="SSTI" class="sidebar-link">SSTI</a></li><li><a href="/knowledge/ctf/CBC.html" aria-current="page" title="CBC" class="active sidebar-link">CBC</a></li><li><a href="/knowledge/ctf/Hash-Leng-Extension.html" title="哈希长度拓展攻击" class="sidebar-link">哈希长度拓展攻击</a></li><li><a href="/knowledge/ctf/RSA.html" title="RSA" class="sidebar-link">RSA</a></li><li><a href="/knowledge/ctf/Volatility.html" 
title="Volatility取证分析工具" class="sidebar-link">Volatility取证分析工具</a></li><li><a href="/knowledge/ctf/ret2text.html" title="ret2text" class="sidebar-link">ret2text</a></li><li><a href="/knowledge/ctf/ret2shellcode.html" title="ret2shellcode" class="sidebar-link">ret2shellcode</a></li><li><a href="/knowledge/ctf/ret2syscall.html" title="ret2syscall" class="sidebar-link">ret2syscall</a></li><li><a href="/knowledge/ctf/re2libc.html" title="ret2libc" class="sidebar-link">ret2libc</a></li><li><a href="/knowledge/ctf/ret2csu.html" title="ret2csu" class="sidebar-link">ret2csu</a></li></ul></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>基础知识</span> <span class="arrow right"><i aria-label="icon: down" class="anticon anticon-down"><svg viewBox="64 64 896 896" focusable="false" data-icon="down" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M884 256h-75c-5.1 0-9.9 2.5-12.9 6.6L512 654.2 227.9 262.6c-3-4.1-7.8-6.6-12.9-6.6h-75c-6.5 0-10.3 7.4-6.5 12.7l352.6 486.1c12.8 17.6 39 17.6 51.7 0l352.6-486.1c3.9-5.3.1-12.7-6.4-12.7z"></path></svg></i></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>工具手册</span> <span class="arrow right"><i aria-label="icon: down" class="anticon anticon-down"><svg viewBox="64 64 896 896" focusable="false" data-icon="down" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M884 256h-75c-5.1 0-9.9 2.5-12.9 6.6L512 654.2 227.9 262.6c-3-4.1-7.8-6.6-12.9-6.6h-75c-6.5 0-10.3 7.4-6.5 12.7l352.6 486.1c12.8 17.6 39 17.6 51.7 0l352.6-486.1c3.9-5.3.1-12.7-6.4-12.7z"></path></svg></i></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>Web安全</span> <span class="arrow right"><i aria-label="icon: down" class="anticon anticon-down"><svg viewBox="64 64 896 896" focusable="false" data-icon="down" width="1em" height="1em" 
fill="currentColor" aria-hidden="true"><path d="M884 256h-75c-5.1 0-9.9 2.5-12.9 6.6L512 654.2 227.9 262.6c-3-4.1-7.8-6.6-12.9-6.6h-75c-6.5 0-10.3 7.4-6.5 12.7l352.6 486.1c12.8 17.6 39 17.6 51.7 0l352.6-486.1c3.9-5.3.1-12.7-6.4-12.7z"></path></svg></i></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>攻防对抗</span> <span class="arrow right"><i aria-label="icon: down" class="anticon anticon-down"><svg viewBox="64 64 896 896" focusable="false" data-icon="down" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M884 256h-75c-5.1 0-9.9 2.5-12.9 6.6L512 654.2 227.9 262.6c-3-4.1-7.8-6.6-12.9-6.6h-75c-6.5 0-10.3 7.4-6.5 12.7l352.6 486.1c12.8 17.6 39 17.6 51.7 0l352.6-486.1c3.9-5.3.1-12.7-6.4-12.7z"></path></svg></i></span></p> <!----></section></li><li><section class="sidebar-group collapsable depth-0"><p class="sidebar-heading"><span>代码审计</span> <span class="arrow right"><i aria-label="icon: down" class="anticon anticon-down"><svg viewBox="64 64 896 896" focusable="false" data-icon="down" width="1em" height="1em" fill="currentColor" aria-hidden="true"><path d="M884 256h-75c-5.1 0-9.9 2.5-12.9 6.6L512 654.2 227.9 262.6c-3-4.1-7.8-6.6-12.9-6.6h-75c-6.5 0-10.3 7.4-6.5 12.7l352.6 486.1c12.8 17.6 39 17.6 51.7 0l352.6-486.1c3.9-5.3.1-12.7-6.4-12.7z"></path></svg></i></span></p> <!----></section></li></ul></aside> <main class="page"> <div class="theme-antdocs-content content__default"><h1 id="cbc">CBC <a href="#cbc" class="header-anchor">#</a></h1> <h2 id="现代密码体制">现代密码体制 <a href="#现代密码体制" class="header-anchor">#</a></h2> <blockquote><p>现代密码中的加密体制一般分为对称加密体制(Symmetric Key Encryption)和非对称加密体制(Asymmetric Key Encryption)。对称加密又被分为分组加密和序列密码。</p> <p>分组密码：也叫块加密(block cyphers)，一次加密明文中的一个块。分组密码是将明文按一定的位长分组，明文组经过加密运算得到密文组，密文组经过解密运算（加密运算的逆运算），还原成明文组，主要有 ECB（电子密码本模式） ，CBC （密码分组链接模式） ，CFB （密文反馈模式） ，OFB （输出反馈模式），  CTR模式（计数器模式） 五种工作模式。</p> <p>序列密码：也叫流加密(stream 
cyphers)，一次加密明文中的一个位。序列密码是指利用少量的密钥（制乱元素）通过某种复杂的运算（密码算法）产生大量的伪随机位流，用于对明文位流的加密。解密是指用同样的密钥和密码算法及与加密相同的伪随机位流，用以还原明文位流。</p></blockquote> <h2 id="cbc-模式">CBC 模式 <a href="#cbc-模式" class="header-anchor">#</a></h2> <blockquote><p>CBC (Cipher Block Chaining, 密码分组链接) 模式中每一个分组要先和前一个分组加密后的数据进行XOR异或操作，然后再进行加密。这样每个密文块依赖该块之前的所有明文块，为了保持每条消息都具有唯一性，第一个数据块进行加密之前需要用初始化向量IV进行异或操作。CBC模式是一种最常用的加密模式，它主要缺点是需要初始向量，加密是连续的，不能并行处理，并且与ECB一样消息块必须填充到块大小的整倍数。</p></blockquote> <h2 id="cbc-工作模式">CBC 工作模式 <a href="#cbc-工作模式" class="header-anchor">#</a></h2> <h3 id="加密过程">加密过程 <a href="#加密过程" class="header-anchor">#</a></h3> <p><img src="/images/CBC/CBCE.png" alt="CBC"></p> <p>上图为CBC加密原理图</p> <blockquote><ul><li>Plaintext：明文，待加密的数据</li> <li>IV ：初始向量，用于随机化加密的比特块，保证即使对相同明文多次加密，也可以得到不同的密文</li> <li>Key：分组加密使用的对称密钥，由AES，Blowfish，DES，Triple DES等对称加密算法使用</li> <li>Ciphertext：加密后的数据，也叫密文数据</li> <li>固定分组：CBC在一个固定长度的位组上工作，称为块。这里使用包含16字节的块进行说明</li></ul></blockquote> <h4 id="文字流程">文字流程 <a href="#文字流程" class="header-anchor">#</a></h4> <p>主要流程：前一组密文块用来产生后一组密文块</p> <blockquote><ol><li>首先将明文分组(常见的以16字节为一组)，位数不足的使用特殊字符填充</li> <li>生成一个随机的初始化向量(IV)和一个密钥</li> <li>将IV和第一组明文异或产生初步密文，再用密钥对初步密文加密生成最终密文块</li> <li>用密钥对3中xor后产生的密文进行加密</li> <li>用4中产生的密文对第二组明文进行xor操作</li> <li>用密钥对5中产生的密文进行加密</li> <li>重复4-7，直至最后一组明文</li> <li>将IV和加密后的密文块拼接在一起，得到最终的密文</li></ol></blockquote> <p>从第一块 Plaintext 开始，首先与一个初始向量IV异或（IV只在第一块发挥作用），然后把异或的结果经过key进行加密，得到第一块的密文，并且把加密的结果与下一块的明文进行异或，一直这样重复进行下去直至最后一组明文。</p> <h4 id="公式描述">公式描述 <a href="#公式描述" class="header-anchor">#</a></h4> <blockquote><ul><li>Ciphertext-0 = Encrypt(Plaintext XOR IV)		#  只用于第一个组块</li> <li>Ciphertext-N = Encrypt(Plaintext XOR Ciphertext-(N-1)		#  用于第二及剩下的组块(N &gt; 1)</li></ul></blockquote> <h4 id="代码解析">代码解析 <a href="#代码解析" class="header-anchor">#</a></h4> <div class="language-C line-numbers-mode"><pre class="language-c"><code>cypher_t<span class="token operator">*</span> <span class="token function">aes_cbc_encrypt</span><span class="token punctuation">(</span>uint8_t<span 
class="token operator">*</span> key<span class="token punctuation">,</span> cypher_t<span class="token operator">*</span> data_in<span class="token punctuation">)</span>
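<span class="token punctuation">{</span>
    <span class="token comment">// block_padding() is described by the author as padding the last block with 0; NOTE(review): that is not the PKCS#7-style padding this page describes later - confirm which scheme is really used</span>
    cypher_t<span class="token operator">*</span> data_in_padding <span class="token operator">=</span> <span class="token function">block_padding</span><span class="token punctuation">(</span>data_in<span class="token punctuation">)</span><span class="token punctuation">;</span>
    cypher_t<span class="token operator">*</span> cypher_out <span class="token operator">=</span> <span class="token punctuation">(</span>cypher_t<span class="token operator">*</span><span class="token punctuation">)</span><span class="token function">malloc</span><span class="token punctuation">(</span><span class="token keyword">sizeof</span><span class="token punctuation">(</span>uint8_t<span class="token punctuation">)</span> <span class="token operator">+</span> data_in_padding<span class="token operator">-&gt;</span>len_data<span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// sized from the padded length: the loop writes len_data/16 whole blocks into cypher_out, so the unpadded length would under-allocate</span>
    cypher_out<span class="token operator">-&gt;</span>len_data <span class="token operator">=</span> data_in_padding<span class="token operator">-&gt;</span>len_data<span class="token punctuation">;</span> <span class="token comment">// NOTE(review): neither block_padding() nor malloc() is checked for NULL before this dereference</span>
    <span class="token comment">// The chain starts from IV, a symbol defined outside this listing. NOTE(review): CBC needs a fresh, unpredictable IV for every message - confirm IV is not a fixed constant</span>
    uint8_t iv<span class="token punctuation">[</span><span class="token number">16</span><span class="token punctuation">]</span> <span class="token operator">=</span> <span class="token punctuation">{</span><span class="token number">0</span><span class="token punctuation">}</span><span class="token punctuation">;</span>
    <span class="token function">memcpy</span><span class="token punctuation">(</span>iv<span class="token punctuation">,</span> IV<span class="token punctuation">,</span> <span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
    uint8_t temp_out<span class="token punctuation">[</span><span class="token number">16</span><span class="token punctuation">]</span> <span class="token operator">=</span> <span class="token punctuation">{</span><span class="token number">0</span><span class="token punctuation">}</span><span class="token punctuation">;</span>
    <span class="token keyword">for</span> <span class="token punctuation">(</span>uint8_t index <span class="token operator">=</span> <span class="token number">0</span><span class="token punctuation">;</span> index <span class="token operator">&lt;</span> data_in_padding<span class="token operator">-&gt;</span>len_data<span class="token operator">/</span><span class="token number">16</span> <span class="token punctuation">;</span> <span class="token operator">++</span>index<span class="token punctuation">)</span><span class="token punctuation">{</span> <span class="token comment">// one 16-byte block per pass; NOTE(review): a uint8_t counter only terminates while len_data/16 stays below 256</span>
        <span class="token function">array_xor</span><span class="token punctuation">(</span><span class="token number">16</span><span class="token punctuation">,</span> temp_out<span class="token punctuation">,</span> data_in_padding<span class="token operator">-&gt;</span>data <span class="token operator">+</span> <span class="token punctuation">(</span>index <span class="token operator">*</span> <span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">,</span> iv<span class="token punctuation">)</span><span class="token punctuation">;</span>      <span class="token comment">// XOR the plaintext block with iv (the IV, or the previous ciphertext block)</span>
        <span class="token function">_aes128_encryption</span><span class="token punctuation">(</span>key<span class="token punctuation">,</span> cypher_out<span class="token operator">-&gt;</span>data <span class="token operator">+</span> index <span class="token operator">*</span> <span class="token number">16</span><span class="token punctuation">,</span> temp_out<span class="token punctuation">)</span><span class="token punctuation">;</span>       <span class="token comment">// block-encrypt the XORed data; the output is this block's ciphertext</span>
        <span class="token function">memcpy</span><span class="token punctuation">(</span>iv<span class="token punctuation">,</span> cypher_out<span class="token operator">-&gt;</span>data <span class="token operator">+</span> index <span class="token operator">*</span> <span class="token number">16</span><span class="token punctuation">,</span> <span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">;</span>                          <span class="token comment">// this ciphertext block is the iv for the next block</span>
    <span class="token punctuation">}</span>
    <span class="token function">free</span><span class="token punctuation">(</span>data_in_padding<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token keyword">return</span> cypher_out<span class="token punctuation">;</span> <span class="token comment">// heap-allocated and not freed here, so the caller has to free it; the result carries no MAC, so it is not integrity-protected</span>
<span class="token punctuation">}</span>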
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br><span class="line-number">17</span><br><span class="line-number">18</span><br></div></div><h3 id="解密过程">解密过程 <a href="#解密过程" class="header-anchor">#</a></h3> <p><img src="/images/CBC/CBCD.png" alt="CBCD"></p> <p>上图为CBC解密原理图</p> <p>只要了解了解密加密过程，反过来看解密过程也就比较简单了</p> <h4 id="文字流程-2">文字流程 <a href="#文字流程-2" class="header-anchor">#</a></h4> <p>主要流程：前一组密文块影响后一组密文块的还原</p> <blockquote><ol><li>从密文中提取出IV，然后将密文分组</li> <li>使用密钥对第一组密文进行解密，然后和IV进行xor得到明文</li> <li>使用密钥对第二组密文进行解密，然后和2中的密文xor得到明文</li> <li>重复2-3，直至最后一组密文</li></ol></blockquote> <h4 id="公式描述-2">公式描述 <a href="#公式描述-2" class="header-anchor">#</a></h4> <blockquote><ul><li>Plaintext-0 = Decrypt(Ciphertext) XOR IV		#  只用于第一个组块</li> <li>Plaintext-N = Decrypt(Ciphertext) XOR Ciphertext-(N-1)		#  用于第二及剩下的组块(N &gt; 1)</li></ul></blockquote> <h4 id="代码解析-2">代码解析 <a href="#代码解析-2" class="header-anchor">#</a></h4> <div class="language-c line-numbers-mode"><pre class="language-c"><code>cypher_t<span class="token operator">*</span> <span class="token function">aes_cbc_decrypt</span><span class="token punctuation">(</span>uint8_t<span class="token operator">*</span> key<span class="token punctuation">,</span> cypher_t<span class="token operator">*</span> data_in<span class="token punctuation">)</span>
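<span class="token punctuation">{</span>
    cypher_t<span class="token operator">*</span> cypher_padding <span class="token operator">=</span> <span class="token function">block_padding</span><span class="token punctuation">(</span>data_in<span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// NOTE(review): a CBC ciphertext should already be a multiple of 16 bytes; padding it here hides truncated input - confirm it should not be rejected instead</span>
    cypher_t<span class="token operator">*</span> plain <span class="token operator">=</span> <span class="token punctuation">(</span>cypher_t<span class="token operator">*</span><span class="token punctuation">)</span><span class="token function">malloc</span><span class="token punctuation">(</span><span class="token keyword">sizeof</span><span class="token punctuation">(</span>uint8_t<span class="token punctuation">)</span> <span class="token operator">+</span> cypher_padding<span class="token operator">-&gt;</span>len_data<span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// header plus padded length, matching the allocation in aes_cbc_encrypt; the bare unpadded length left no room for the len_data field (assumes a one-byte header - TODO confirm against cypher_t)</span>
    plain<span class="token operator">-&gt;</span>len_data <span class="token operator">=</span> cypher_padding<span class="token operator">-&gt;</span>len_data<span class="token punctuation">;</span> <span class="token comment">// the padded length is reported as-is, padding is not stripped; NOTE(review): block_padding()/malloc() results are not checked for NULL</span>
    uint8_t iv<span class="token punctuation">[</span><span class="token number">16</span><span class="token punctuation">]</span> <span class="token operator">=</span> <span class="token punctuation">{</span><span class="token number">0</span><span class="token punctuation">}</span><span class="token punctuation">;</span>
    <span class="token function">memcpy</span><span class="token punctuation">(</span>iv<span class="token punctuation">,</span> IV<span class="token punctuation">,</span> <span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// IV is defined outside this listing and must be the value the encrypt side used</span>
    uint8_t temp_out<span class="token punctuation">[</span><span class="token number">16</span><span class="token punctuation">]</span> <span class="token operator">=</span> <span class="token punctuation">{</span><span class="token number">0</span><span class="token punctuation">}</span><span class="token punctuation">;</span>
    <span class="token keyword">for</span> <span class="token punctuation">(</span>uint8_t index <span class="token operator">=</span> <span class="token number">0</span><span class="token punctuation">;</span> index <span class="token operator">&lt;</span> cypher_padding<span class="token operator">-&gt;</span>len_data<span class="token operator">/</span><span class="token number">16</span> <span class="token punctuation">;</span> <span class="token operator">++</span>index<span class="token punctuation">)</span><span class="token punctuation">{</span>
        <span class="token function">_aes128_decryption</span><span class="token punctuation">(</span>key<span class="token punctuation">,</span> temp_out<span class="token punctuation">,</span> cypher_padding<span class="token operator">-&gt;</span>data <span class="token operator">+</span> <span class="token punctuation">(</span>index<span class="token operator">*</span><span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>   <span class="token comment">// block-decrypt one ciphertext block into temp_out</span>
        <span class="token function">array_xor</span><span class="token punctuation">(</span><span class="token number">16</span><span class="token punctuation">,</span> plain<span class="token operator">-&gt;</span>data <span class="token operator">+</span> <span class="token punctuation">(</span>index<span class="token operator">*</span><span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">,</span> temp_out<span class="token punctuation">,</span> iv<span class="token punctuation">)</span><span class="token punctuation">;</span>                  <span class="token comment">// XOR with iv (the IV, or the previous ciphertext block) to recover the plaintext block</span>
        <span class="token function">memcpy</span><span class="token punctuation">(</span>iv<span class="token punctuation">,</span> cypher_padding<span class="token operator">-&gt;</span>data <span class="token operator">+</span> <span class="token punctuation">(</span>index<span class="token operator">*</span><span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">,</span> <span class="token number">16</span><span class="token punctuation">)</span><span class="token punctuation">;</span>                      <span class="token comment">// this ciphertext block is the iv for the next block</span>
    <span class="token punctuation">}</span>
    <span class="token function">free</span><span class="token punctuation">(</span>cypher_padding<span class="token punctuation">)</span><span class="token punctuation">;</span>
    <span class="token keyword">return</span> plain<span class="token punctuation">;</span> <span class="token comment">// caller frees; nothing in this function authenticates the ciphertext, so modified input decrypts without any error</span>
<span class="token punctuation">}</span>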
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br><span class="line-number">6</span><br><span class="line-number">7</span><br><span class="line-number">8</span><br><span class="line-number">9</span><br><span class="line-number">10</span><br><span class="line-number">11</span><br><span class="line-number">12</span><br><span class="line-number">13</span><br><span class="line-number">14</span><br><span class="line-number">15</span><br><span class="line-number">16</span><br></div></div><h2 id="padding-oracle">Padding oracle <a href="#padding-oracle" class="header-anchor">#</a></h2> <h3 id="攻击流程">攻击流程 <a href="#攻击流程" class="header-anchor">#</a></h3> <p>明文填充</p> <blockquote><ul><li><p>分组密码（Block Cipher）需要在加密前确保明文的长度是分组长度的整数倍。一般情况下，明文的最后一个分组很可能不足一个分组的长度。</p></li> <li><p>这个时候，普遍的做法是在最后一个明文分组的末尾填充固定的值，这个值等于需要填充的字节总数。</p></li></ul> <div class="language- line-numbers-mode"><pre class="language-text"><code>最后还差1个字符，则填充1个0x01；
最后还差2个字符，则填充2个0x02；
最后还差3个字符，则填充3个0x03；
最后还差4个字符，则填充4个0x04；
这里特别需要注意的是：如果明文长度恰好是16字节的整数倍，它也需要填充（此时会额外填充一整个分组，即16个字节，且填充的值均为0x10）
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br><span class="line-number">5</span><br></div></div><ul><li>填充只出现在最后一个分组中，因此我们需要格外关注最后一个分组。</li> <li>例如最后一组的末尾为0x02，即表示填充了2个字节的Padding；如果最后的Padding不正确，即填充的值和填充的数量不一致，那么解密程序往往会抛出异常(Padding Error)。我们可以通过应用的错误回显，判断出Padding是否正确。</li> <li>前提条件是服务器会对我们显示padding error的异常，如果不回显那么就无法判断并进行利用。因此在防御上，应对所有解密失败返回完全一致的响应，并在解密之前先校验密文的MAC（或直接使用AES-GCM等认证加密模式）。</li> <li>例如在web应用中，如果Padding不正确，则应用程序很可能会返回500的错误（程序执行错误）；如果Padding正确，但解密出来的内容不正确，则可能会返回200的自定义错误（业务上的规定）。所以，这种区别就可以成为一个二值逻辑的“注入点”。</li></ul></blockquote> <p>攻击成立的两个重要的假设前提：</p> <div class="language- line-numbers-mode"><pre class="language-text"><code>1. 攻击者能够获得密文（Ciphertext），以及附带在密文前面的IV（初始化向量）
2. 攻击者能够触发密文的解密过程，且能够得知解密的结果（即Padding是否合法）
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br></div></div><blockquote><ul><li>攻击流程实际上是不断地调整IV的值，使解密之后最后一个字节的值成为正确的Padding Byte。这里的“padding正确”是指最终解密并异或出来的明文最后一个字节落在合法padding的范围内；此时得到的明文不一定正确，但是padding是合法的，所以服务器返回200。</li> <li>判断情况</li></ul> <div class="language- line-numbers-mode"><pre class="language-text"><code>（1）正常解密，得到明文
（2）解密成功，但是解密得到的和明文不匹配
（3）解密错误，抛出异常
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br></div></div><ul><li>例如加密数据应用于cookie</li></ul></blockquote> <h2 id="cbc字节翻转攻击">CBC字节翻转攻击 <a href="#cbc字节翻转攻击" class="header-anchor">#</a></h2> <h3 id="攻击原理">攻击原理 <a href="#攻击原理" class="header-anchor">#</a></h3> <blockquote><ul><li>在 CBC 解密的公式描述中可以注意到Ciphertext-(N-1)是用来产生下一块明文的，这里正是字节翻转攻击发挥作用的地方。如果我们改变Ciphertext-(N-1)中的一个字节，然后与下一块密文解密后的中间值xor，就可以得到一个不同的明文，而这个明文是我们可以控制的。</li> <li>在此基础上，可以通过破坏密文中的字节来改变明文中的字节，例如使解密出的明文中出现单引号等恶意字符来绕过过滤器，或通过将用户ID更改为admin来提升权限，或者更改应用程序所需的明文造成其他后果。这类篡改之所以可行，是因为CBC模式本身不校验密文的完整性；如果密文在解密前先经过MAC校验（Encrypt-then-MAC）或改用AEAD模式，被修改的密文会在解密前被拒绝。</li></ul></blockquote> <h3 id="攻击流程-2">攻击流程 <a href="#攻击流程-2" class="header-anchor">#</a></h3> <p><img src="/images/CBC/CBCDturn.jpg" alt="CBCDturn"></p> <blockquote><ul><li><p>通过修改第一组的密文块字节，来构造我们需要的第二组明文；当第一组密文块字节发生改变时，会同时影响第一组明文块和第二组明文块。</p></li> <li><p>假如我们已知密文解密后的明文为1dmin，我们想构造一个初始IV，使其解密成admin，因此有以下逻辑：</p></li></ul> <div class="language- line-numbers-mode"><pre class="language-text"><code>原始的IV[1]^middle[1]=plain[1]  &lt;&lt;&lt;  题目逻辑
修改的IV[1]^middle[1]='a'       &lt;&lt;&lt;  我们想要
构造的IV[1]=middle[1]^'a'       &lt;&lt;&lt;  我们可以得到
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br></div></div><ul><li>用公式表示</li></ul> <div class="language- line-numbers-mode"><pre class="language-text"><code>A = B ^ C
C = A ^ B
A ^ B ^ C = 0
A ^ B ^ C ^ C' = C'
</code></pre> <div class="line-numbers-wrapper"><span class="line-number">1</span><br><span class="line-number">2</span><br><span class="line-number">3</span><br><span class="line-number">4</span><br></div></div><ul><li>而原来的中间值可以通过如下方式得到，其中原来的明文第一位又是可以通过Padding Oracle攻击得到的</li></ul> <div class="language- line-numbers-mode"><pre class="language-text"><code>middle[1]=原来的IV[1]^plain[1]	      &lt;&lt;&lt;  Padding Oracle 攻击
构造的IV[1]=原来的IV[1]^plain[1]^'a' 	&lt;&lt;&lt;  IV的第一位
</code></pre> </div></blockquote> <h2 id="题目参考">题目参考 <a href="#题目参考" class="header-anchor">#</a></h2> <p><a href="https://buuoj.cn/challenges#%5BNCTF2017%5DBe%20admin" target="_blank" rel="noopener noreferrer">[NCTF2017] Be Admin<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></p> <p><a href="https://buuoj.cn/challenges#%5BNPUCTF2020%5Dweb%F0%9F%90%95" target="_blank" rel="noopener noreferrer">[NPUCTF2020]web🐕<span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></p></div> <footer class="page-edit"><!----> <div class="last-updated"><span class="prefix">上次更新:</span> <span class="time">12/18/2021, 12:46:42 PM</span></div></footer> </main> <!----></div><div class="global-ui"></div></div>
    <script src="/assets/js/app.f7464420.js" defer></script><script src="/assets/js/2.26207483.js" defer></script><script src="/assets/js/27.865bdc75.js" defer></script>
  </body>
</html>